|
Regulatory Environment In India
|
|
The US and the UK have well-defined and comprehensive laws on data security and privacy. The US has sector-specific laws and laws at the federal and the state level. The UK has a comprehensive Data Protection Act covering all sectors.
While India lacks specific laws on privacy and data protection, there are proxy laws and other indirect safeguards, which provide adequate protection to companies offshoring work. Further, the Indian Government is proactively strengthening the existing legal system to cover data protection issues. A few of the proxy laws are Section 65, 66 and 72 of the Indian IT Act, the Indian Contract Act, Section 406 and 420 of the Indian Penal Code, and the Indian Copyright Act.
Key laws governing information security in India
Information Technology Act, 2000 In May 2000 the Indian Parliament passed the Information Technology Bill now known as the Information Technology Act, 2000. The Act covers cyber and related information technology laws in India. Some of the issues addressed by the Information Technology Act, 2000 include:
- Chapter II states that any subscriber can authenticate an electronic record with his digital signature, and subsequently any person can verify that document by using the subscriber's public key.
- Chapter III states that all electronic records and digital signatures have legal acceptance. The chapter also confers rights to the Central Government to make rules with respect to digital signatures.
- Chapter IV deals with the attribution, acknowledgement and dispatch of electronic records and digital signatures.
- Chapter VI deals with the regulation of the certifying authorities. The chapter also lists the powers of the controller to investigate any contraventions to the provisions of the Act.
- Chapter VII and VIII state the conditions under which a digital signature may be suspended or revoked.
- Chapter IX states that any person who accesses, downloads, copies, extracts data without authorized means or permission is punishable. The section also states that any person tampering with, damaging, denying unwarranted access to or manipulating any computer/computer system shall be liable to pay damages by way of compensation not exceeding INR 10 million to the affected persons. Introducing viruses or causing disruptions in a computer are also punishable under the Act.
- Chapter X describes the role of the Cyber Regulations Appellate Tribunal.
- Chapter XI deals with offences such as wrongful loss or damage or destruction of information, deletion or alteration of any information in a computer network, 'hacking' etc and prescribes their punishment. It also includes offences such as tampering with computer source documents; publishing obscene information, misrepresentation, and breach of confidentiality and privacy.
- Chapter XII states that if a network provider / intermediary can prove that he has taken diligent steps to prevent the offence he has been charged with, or that it was unintentional, he is not punishable under the Act.
Digital Signatures
Digital signatures were accorded legal acceptance by the IT Act. The Controller of Certifying Authorities, set up to implement the IT Act, has issued licenses to four players who can issue digital signatures. These are Safescrypt Limited, National Informatics Centre (NIC), Institute for Development and Research in Banking Technology (IDRBT), and Tata Consultancy Services (TCS). In July 2001 a set of laws known as the Information Technology (Certifying Authority) Regulations, 2001 were issued by the Government of India. These regulations detail the functioning of the certifying authorities in issuing digital signatures.
Intellectual Property Right Laws for Computer Software
Under Indian law, computer programs have copyright protection, but no patent protection. A software program is an algorithm and patent law does not protect algorithms per se. The term 'software' includes computer programs, databases, computer files, preparatory design material and associated printed documentation, such as users' manuals.
Under the Indian Copyright Act, copying from an engraving is an infringement of the copyright, but an engraving produced independently from the same picture is not. Copyright laws generally do not protect the owner from independent creation or reverse engineering. Therefore, many software and hardware companies have been able to take advantage of the copyright law's lack of protection against reverse engineering.
Indian Copyright Act
India has one of the most modern copyright protection laws in the world. A major development in the area of copyright was the amendment to the Copyright Act of 1957 in 1999, to make it fully compatible with the provisions of the TRIPS Agreement. Known as the Copyright (Amendment) Act, 1999, this Act came into force on January 15, 2000.
The 1994 amendment of the Copyright Act of 1957 brought sectors such as satellite broadcasting, computer software and digital technology under Indian copyright protection. The present Copyright Act conforms fully to the TRIPS obligations.
The other important development during 1999 was the issuance of the International Copyright Order, 1999, which extended the provisions of the Copyright Act to nationals of all World Trade Organization (WTO) member countries.
As per the provision in the Indian Copyright Act, 1957 and as amended in 1994-1995, any person who knowingly makes use on a computer of an infringing copy of computer program shall be punishable. According to Section 63 B, copyright infringement attracts a minimum jail term of seven days. The Act further provides for fines, which shall not be less than INR 50,000, but may extend up to INR 200,000, and a jail term up to three years or both.
The Ministry of Information Technology has taken also several initiatives to upgrade security standards in India. These include setting up organizations such as the Standardization, Testing and Quality Certification (STQC) Directorate, the Computer Emergency Response Team (CERT), the Information Security Technology Development Council (ISTDC), etc.
|
|
Updated on:
21 Jul, 2006
|
